Wednesday, November 14, 2007

Use Small Business Server to full advantage

In the last few weeks I've received several calls asking for assistance with Small Business Server. In each case I have been amazed to discover that the businesses were running SBS either without Exchange Server enabled or with it crippled in some way. Microsoft has done a good job of selling SBS and it is an awesome deal, but apparently the VARs who have been selling and installing it have not done as good a job. Why? Do they not know how to use or configure all the features or is it because they can't convince the SMB to put them in place?

I'm referring specifically to the idea of hosting your own email server. It's not hard to do and I can't figure out why anyone wouldn't want to take advantage of it. The benefits are many. You have total control over your email. You never have to wonder if something got blocked in the spam blocker of your ISP. You can use Outlook Web Access to reach your email from anywhere. You can take advantage of all the benefits of a common shared or Global Address List (GAL). You can use ActiveSync to push your email out to mobile devices.

There are three basic requirements to hosting your email server safely and effectively. First, get a great spam filter for Exchange Server. I always recommend Commtouch but you can also go with GFI Mail Security. I have also installed and used Freedom9 Freeguard at some clients. Commtouch is an outside service, GFI Mail Security runs on the Exchange Server and the Freeguard firewall does spam filtering or marking - you can either drop it completely or send it to the mailboxes (my preference) marked as spam and run rules to send it to a spam folder.

The second requirement is to have your ISP change your MX record so all email destined for your domain is sent directly to your Exchange Server. Now do you see why you MUST have a good spam filter in place first? Did you know that 95% of unfiltered email is spam? That can be quite a shock if you have been relying on your ISP to filter your spam for you. My home ISP uses Barracuda and it still struggles even though I've been training it for years. It will send things through that I know I've told it not to and stop things that I have previously cleared.

The third requirement in hosting your own email server is to set up a reverse DNS record with your ISP. This is especially important if you plan to send a lot of emails out through your Exchange Server like a weekly email newsletter to a large mailing list. Without the reverse DNS lookup configured properly with the word mail in there somewhere you will soon end up on the RBL (Real-time Black List) of the spam databases like Spamhaus, Spamcop and Spamcannibal. There are at least 100 spam databases out there. You do NOT want to get listed on any one of them because it is a pain to get removed. You can check if you're listed on DNS Stuff.
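A pre-flight check for the MX, reverse DNS and blacklist points above, as an added example that is not part of the original post. It goes slightly beyond the text by confirming that the PTR name resolves back to the sending address. The domain, the address (documentation range), the zone `dnsbl.example` and the `lookup` callback are all assumptions constructed for illustration.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """DNS blacklists are queried by reversing the IPv4 octets and appending the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_mail_dns(domain, ip, lookup, zones):
    """lookup(name, rtype) returns a list of strings (MX = host names only).
    Returns a list of findings; an empty list means all checks passed."""
    findings = []
    clean = lambda names: [n.rstrip(".").lower() for n in names]

    # Requirement 2: the MX record must lead to our own server address.
    mx_hosts = clean(lookup(domain, "MX"))
    if not any(ip in lookup(h, "A") for h in mx_hosts):
        findings.append("MX for %s does not resolve to %s" % (domain, ip))

    # Requirement 3: the PTR must exist and its name must resolve back to the IP.
    ptr_owner = ipaddress.IPv4Address(ip).reverse_pointer
    ptr_hosts = clean(lookup(ptr_owner, "PTR"))
    if not ptr_hosts:
        findings.append("no PTR record for %s" % ip)
    elif not any(ip in lookup(h, "A") for h in ptr_hosts):
        findings.append("PTR %s does not resolve back to %s" % (ptr_hosts[0], ip))

    # Any answer from a blacklist zone means the address is listed there.
    for zone in zones:
        if lookup(dnsbl_query_name(ip, zone), "A"):
            findings.append("%s is listed in %s" % (ip, zone))
    return findings

def table_lookup(records):
    """Offline stand-in for a resolver, backed by a dict of constructed records."""
    return lambda name, rtype: records.get((name.rstrip(".").lower(), rtype), [])

# Constructed sample data: a correct setup and one still using the ISP's generic PTR.
GOOD = {
    ("example.com", "MX"): ["mail.example.com."],
    ("mail.example.com", "A"): ["203.0.113.10"],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mail.example.com."],
}
BAD = {
    ("example.com", "MX"): ["mail.example.com."],
    ("mail.example.com", "A"): ["203.0.113.10"],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["203-0-113-10.dsl.isp.example."],
    ("10.113.0.203.dnsbl.example", "A"): ["127.0.0.2"],
}

if __name__ == "__main__":
    for label, records in (("good", GOOD), ("bad", BAD)):
        print(label, check_mail_dns("example.com", "203.0.113.10",
                                    table_lookup(records), ["dnsbl.example"]))
```

To run it against live DNS, replace `table_lookup` with a function that wraps your resolver of choice and returns the same list-of-strings shape.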

What do you think? Has my experience been unique or do most SBS users host their own SMTP email on their Exchange Server?

Monday, November 12, 2007

Can you produce emails under legal order?

A while back we had a little 'situation' in our organization where we needed to be able to produce copies of emails sent or received by several of our employees. I thought I had it handled and that it would be no problem. I do two backups of our Exchange server each night - one of the entire Information Store (the database) and one of the individual mailboxes (aka brick level).

I have a twenty-day tape rotation and pull a tape once a month so I figured the chances of being able to reproduce the emails would be fairly high. Just pull a tape from the month-end after the time period in question, restore it to a recovery database and voilà - there are the emails. The only problem is that the emails weren't there.

What happened? I know they were sent because I could see the headers on my Exchange Server tracking log which I had turned on long ago. I could even see log entries on my SMTP gateway log in Symantec AV for SMTP gateways. I had also turned that log on long ago. I was scratching my head for days all the while under the gun from the boss and the attorneys.

Here's what happened. The employee in question was a high-level executive who had done some social engineering with the IT Manager - me. I got took by a trusted employee because she sweet-talked me into revealing how emails could be permanently deleted in Exchange using a little known feature in OWA - the MS Outlook web client.

As soon as an email was sent or received by the employee that they didn't want tracked, they would delete it and then empty their deleted items folder. Then they would go into the OWA client into the options section and click on the 'View Items' in the 'Recover Deleted Items' section. From there you select the items and then click on 'Permanently Delete'.

You see, normally I have a 30-day window when any employee can recover their own deleted items or I can do it for them. This feature of Exchange is not turned on by default but I have found it very useful. I can't tell you how many times an employee has asked me to help them recover a deleted email before I turned this feature on so they could do it themselves.

If you do the permanent delete right away or at least before the end of the day when I do the nightly backup the items will not be saved. The trick is to catch it before the nightly backup. Otherwise I could still recover them from tape. I would have never revealed that little trick to just any employee but why should I question what a long-term trusted executive asked of me?

Well, that will never happen again. I have now put into place a new archive mailbox and turned on a feature in the Information Store that copies every single piece of email - in or out of the company or even intra-company - to this mailbox. Yes, it grows extraordinarily fast. I have to archive it off to a PST file and purge it at the end of every month or it would be unmanageable.

So now I can produce on demand any email from any employee and any time period even if it was deleted immediately. Yes, it even copies the porn, the jokes, the videos, the personal emails, everything except the spam. 99% of our spam is stopped by Commtouch before it gets to our Information Store. That's a fairly bulletproof backup solution if I say so myself.

Friday, November 9, 2007

PC Auditing made simple

One of my favorite system administrator tools is AuditWizard from Layton Technology. I found it a few years back and used it at a previous employer. When I came to my present employer I bought a 50-computer license because they told me that's how many computers I would be supporting. I quickly upgraded that to a 100-computer license and finally to 500 computers.

One of the things I like about it is that I can keep a history of my inventory. Every system administrator knows that there are always a dozen or more PCs floating around that aren't in actual productive use at the moment. So even though we really only have 80 to 100 computers that are in use and that I support, I have records of 120 computers in my database.

Some have been pressed back into service as a quasi-server, others to an unused back office where they are used more as a Terminal Server client or for guests to check email. Most are sitting on the bench awaiting an upgrade or repair before being redeployed for some function or as a spare when someone has a failure. My point is that I know exactly what I have on hand.

How does it work? Quite simply. The software is installed in a public folder on a server that can be reached by all workstations no matter what location or subnet they are on. I then modify the network logon script to require every workstation to run the auditing software in the background upon bootup. Yes, it adds about 5-10 seconds to the boot process but is well worth the annoyance to me.

What does it do for me? It saves me hours and hours of work that I don't enjoy and on which I have a hard time keeping up. The automatic audit records just about everything about the computer you could possibly need to know - hardware configuration, software installed, serial numbers, web browser cache, network addresses, patch history and lots more.

I have a policy of installing corporate licenses of software when I need it. At the end of the year I take an inventory by simply running a report in AuditWizard and noting the difference between how many licenses I have consumed and how many we own. Submit the report to management and after a little grumbling and a small purchase we are legit again. Licensing compliance has never been simpler.

I use it almost daily. The report generator is excellent but tends to add a lot of fluff by spreading things out over too many pages. So I export to Excel, tweak it a little and I can tell you at the push of a button which computers need to have their memory upgraded this month or which are running low on hard drive space. It's a pretty slick piece of software.

I checked out lots of different pieces of auditing software before I found this one. I highly recommend it. What do you think? What PC auditing software do you use?

Thursday, November 8, 2007

IP Telephony in the SMB

For years our Cisco VAR has been trying to get us to go to an IP phone system. I trust our reseller but kept asking him when he was going to put in his own IP system. Finally he did and the stakes got serious. "Come on, Tim. You could save your company thousands of dollars a year by putting in VoIP." Being the cautious guy that I am, I investigated several competitors, read their literature and listened to their sales pitches. I got several quotes and yes, the estimates bore out his claims. We probably could save thousands of dollars a year mainly because we have VPNs with remote locations.

So why did we sign another contract with AT&T, who now manages our local services which used to be provided by SBC and PacBell before that? Fear of change. Yep. No matter how persuasive it looked on paper I could not convince management that it would sound just as good to our clients. Given the type of clients we handle I can understand that saving $25,000 or even $50,000 was nothing compared to the fear of losing a client that generates millions of dollars in annual revenue. Besides, AT&T lowered our prices by bundling local and long distance together.

Now don't get me wrong. We will eventually go to IP Telephony and it may be sooner than management thinks. Why? Because we are running a 15-year-old Panasonic DBS 72 hybrid phone system that could crash any day. The voice mail system is just as old - an Active Voice Replay Plus running in DOS on a 486. A 486? Yes, a 486! I swear someone did a great job of selling Active Voice systems back in the early 90's. I have managed the same system at each of the four companies I have worked for in the past 12 years.

So what was management so concerned about? Latency and Jitter. Gamers know latency as lag and jitter is the recompilation of packets in an order that can make speech unintelligible. I get a lot of calls from third-world call centers when I call for tech support. I don't intentionally call India but that's where it ends up. Most of these tech support centers are running VoIP and to me, it is very noticeable. I can understand why management is concerned if all VoIP calls sound like some I've had to put up with lately. But we put up with bad cell phone calls, don't we?

And yet management can be funny about wanting cost savings on fixed costs like phone bills. At one time I had to respond to requests from several managers as to why we weren't using Skype to communicate with our flight crews. Supposedly there are 250 million registered Skype users with as many as 10 million on line at any one point in time. Do you remember what happened to Skype on Aug 16th 2007? The network failed for two days due to so many users rebooting their systems after applying the regularly scheduled Microsoft security patches on patch Tuesday.

The FCC offers a great web site for educating the public about VoIP. How Stuff Works has a good multi-part article online that explains VoIP in simple enough terms that I could even recommend it to some of the management team. Pay special attention to part 8, the disadvantages to VoIP. Unlike regular phone service, VoIP depends on local power. And of course there is always Wikipedia for a fairly in-depth look at the topic.

What do you think? If you are in a small business, have you implemented VoIP yet?

Monday, November 5, 2007

The truth about Windows Vista adoption

I read a great article this morning in Jason Hiner's Tech Sanity Check on Tech Republic about Windows Vista adoption in business. I have long been wondering how Microsoft could be claiming that Vista sales are brisk. I am not seeing that in my own experience as an IT Manager of an SMB - Small to Medium Business. The article points out three areas in which Windows Vista sales are flourishing but concludes as I do from my own personal experience that Vista is not being deployed in the corporate environment in big numbers yet.

First there are the laptop sales, 95% of which come preloaded with some flavor of Windows Vista. The PC Industry on the whole is experiencing a 10% increase in computer sales over last year and a large part of those are laptops. Laptops, more appropriately called notebook computers, account for more than 55% of all new hardware sales these days.

So the largest part of those Vista sales Microsoft is claiming come from all those laptops. I have seen that in my own experience as more users ask me to work on their personal laptops, which are running Vista. Yes, I still work on employee computers - can't seem to get away from it. If they connect to my network via a VPN I have a vested interest to make sure they are secure.

The next big chunk of Vista sales comes from upgrades. Every early adopter of Vista I know has upgraded from the Home Basic version to the Home Premium or Ultimate, or better yet to Vista Business, usually at my urging. That's a no-brainer. But Microsoft's claim of high sales of Vista into Corporate America has long been surprising to me until now.

It appears that many large enterprises are renewing their corporate licensing agreements which include provisions for future upgrades of the desktop OS to Vista. In other words, they are buying Vista on paper but not actually deploying it this year or maybe not even planning to do so next year. Like me, many have concluded to roll out Vista only when they have to due to either an inability to purchase XP or due to the unavailability of XP support from Microsoft.

Maybe I'm being a little harsh, but I just don't see what business benefits Windows Vista brings to our network. In fact, to me, the new security features are a hindrance to implementing the OS. I hate having to answer yes five times when I want to install a piece of software. Like Jason points out in the article, Microsoft has simply tried to transfer culpability to users for letting malware into a system. Why introduce another level of complexity for security?

Conclusion: We will not be rolling out Vista in the workplace until probably 2009 when most of our desktops are due for a normal tech refresh.

Saturday, November 3, 2007

Where do you buy your laptop memory?

We probably have two dozen laptops in use among our executive, management and sales staff. As all computers do, laptops get old and slow with the growth of a bloated and patched operating system - Windows XP Pro. In order to extend the life of our laptops from three to five years I have been adding more memory where they are not already maxed out. XP Pro runs much better on 1GB than on 512MB and don't even think about running Vista on less than 1GB.

I buy from several vendors on a regular basis for computers, monitors, printers, disk drives, memory, software, office machines and supplies. One vendor that I like for laptop hard drives and memory is Kahlon. While their prices are not the rock bottom, they are reasonable, they have a great web site that is easy to navigate and fairly comprehensive and they provide great customer service. Shipping is not an issue for me as they are just a few miles away in Orange County.

As an example of their great customer service, I was having trouble confirming that a certain piece of Kahlon memory was compatible with the recommended part from HP which of course was literally ten times as much. I kid you not. The price for the same piece of memory on HP's online store was $309 and was only $34 on Kahlon. I emailed a request to confirm that it would work and had an answer within a few hours. What's more the memory worked when it arrived a few days later. Now that's good customer service.

I recommend Kahlon as a great source for laptop memory, hard drives and batteries.

Friday, November 2, 2007

Ziggs, Xing, Nayms, Ryze and ZoomInfo

Have you ever heard of these networking sites: Ziggs, Xing, Nayms, Ryze, Konnects or ZoomInfo? Except for ZoomInfo I hadn't either until recently but I joined them all today. I have been pushing my freelance consulting business and decided to do some online networking. I'm already a member of LinkedIn, Technorati, Dice and a few other social networking sites, but I'm trying to focus on the ones that are geared towards professionals and not teenagers - like MySpace or Facebook.

It would be nice if there were some way to upload the information once to each of these sites but they all have their own interface. The best I can do is copy and paste from one to the other. I liked the automatic bio creator on Ziggs. You fill in a few pertinent pieces of information and it does the rest. The result is a professional looking bio with career history, your educational background and a family or personal summary. I've always wanted something like that.

What do you think? Are online networking sites replacing traditional social networks?

Update: I also joined ecademy, but discovered that everyone who wanted to connect with me was in England. The same goes for Xing - everyone there seems to be in Germany.